Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement - IMC '05 2005
DOI: 10.1145/1330107.1330147
|View full text |Cite
|
Sign up to set email alerts
|

Combining filtering and statistical methods for anomaly detection

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
151
0
3

Year Published

2009
2009
2021
2021

Publication Types

Select...
6
1
1

Relationship

1
7

Authors

Journals

citations
Cited by 235 publications
(169 citation statements)
references
References 0 publications
0
151
0
3
Order By: Relevance
“…In this model we assume that the state-noise W t and the measurement-noise V t are uncorrelated zero-mean gaussian white-noise processes with covariance matrices Q t and R t , respectively. For a full understanding of these system, we refer the reader to our work in [4]. Since we have found a model and system equations for our system, next we need to deal properly with the different steps of our optimization algorithm for anomaly decision issue.…”
Section: Methodsmentioning
confidence: 99%
See 2 more Smart Citations
“…In this model we assume that the state-noise W t and the measurement-noise V t are uncorrelated zero-mean gaussian white-noise processes with covariance matrices Q t and R t , respectively. For a full understanding of these system, we refer the reader to our work in [4]. Since we have found a model and system equations for our system, next we need to deal properly with the different steps of our optimization algorithm for anomaly decision issue.…”
Section: Methodsmentioning
confidence: 99%
“…Our study is built on traffic matrix scheme [2], [4]. Each traffic matrix entries describes the average volume of traffic, in a given time interval, that originates at a given source node (routers) and is headed towards a particular destination node.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…of packets, bytes, or new flows) and/or particular traffic features (e.g., distribution of IP addresses and ports), using either single-link measurements or network-wide data. A non-exhaustive list of standard methods includes the use of signal processing techniques (e.g., ARIMA modeling, wavelets-based filtering) on single-link traffic measurements [1], Kalman filters [4] for network-wide anomaly detection, and Sketches applied to IP-flows [5,6].…”
Section: Related Work and Contributionsmentioning
confidence: 99%
“…To evaluate the performance of AR prediction, EWMA and NSHW methods, anomalies from either real traffic data or synthetic anomaly generator can be used [5], [9], [10]. Because the exact statistical properties of anomalies are too difficult to be simulated, and A. Soule et al [10] has shown that the synthetic anomalies may result in a reversed result to the real anomalies for evaluating anomaly detection methods, we will use the real traffic collected on different links of SINET3 to evaluate the AR prediction method comparing with EWMA and NSHW methods.…”
Section: B Nshwmentioning
confidence: 99%